
OCI Private DNS Design for multiple Regions

I’ll start by saying that I still typically see private DNS set up in the customer’s own domain rather than in OCI, but recently I had a case where the customer wanted OCI to manage a specific internal sub-domain, which we then used for the OCI Load Balancers.

For that, conditional forwarders were set up on-premises with a rule that everything for *.private.thatfinnishguy.com is forwarded to the OCI Private DNS listeners. This lets us manage DNS for everything under that sub-domain; in a Disaster Recovery event we would simply switch the A record to point at the DR Region’s Load Balancer.

But in a DR event, the Region hosting your DNS would be down. How would you then resolve the addresses if your Private DNS runs only in Ashburn, for example?

One way is to set up DNS listeners in OCI in both Regions and make sure the on-premises forwarding rule points to both listeners. What is important is that you update the same A records in every Region where you have a listener, so there is no drift between the setups. Right now this has to be done manually (you can obviously do it with scripting/Terraform/whatever), as there is no built-in way to replicate zone changes from one Region to another.

Setup

The design for this is very simple, similar to the diagram below.

I’m assuming setting up the Private DNS listener is familiar, but as a reminder I’ve written a few posts on it earlier:

OCI Private DNS part 1 – Configuration

OCI Private DNS part 2 – DNS forwarders and listeners

After I’ve created the DNS listener in the VCN, I create a new zone, private.thatfinnishguy.com, add that zone to a new private view, and associate that view with the VCN resolver. Now any query forwarded to my DNS listener resolves the A records I’ve added.

Remember to Publish Changes

I replicate the same changes to my secondary Region. In a DR event I then have the option to change my A records to point at the correct resources in the DR Region.

Summary

Setting up private DNS for OCI is fairly straightforward (and manual!). I would definitely like to see a way to replicate changes to other Regions, or at least think about how you would do this with Terraform, for example. You don’t want to update these records manually in each Region every time. In a perfect world this would be fully automated and part of your DR process, so that the A records get updated as part of the failover.
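Here is one way to express the design above in Terraform, as an added example (this is not the post’s own code or a configuration Oracle ships). The idea is that both Regions are fed from a single `records` map, so the zones cannot drift, and the DR failover is a single variable flip (`dr_active`) followed by `terraform apply`. The module path `./modules/private-dns`, the secondary Region `eu-frankfurt-1`, the hostnames `app`/`api` and the Load Balancer IPs are assumptions and constructed sample values; the zone name is the one from the post.

```hcl
# ---- modules/private-dns/main.tf (added example) -------------------------
# One private view, one private zone and the given A records, created in
# whichever Region the calling provider points at. Both Regions use the
# same module with the same inputs, so the record sets are identical.

variable "compartment_ocid" { type = string }
variable "zone_name"        { type = string }
variable "records" {
  # hostname relative to the zone => IPv4 address
  type = map(string)
}

resource "oci_dns_view" "private" {
  compartment_id = var.compartment_ocid
  display_name   = "${var.zone_name}-view"
  scope          = "PRIVATE"
}

resource "oci_dns_zone" "private" {
  compartment_id = var.compartment_ocid
  name           = var.zone_name
  zone_type      = "PRIMARY"
  scope          = "PRIVATE"
  view_id        = oci_dns_view.private.id
}

resource "oci_dns_rrset" "a" {
  for_each        = var.records
  zone_name_or_id = oci_dns_zone.private.id
  domain          = "${each.key}.${var.zone_name}"
  rtype           = "A"
  scope           = "PRIVATE"
  view_id         = oci_dns_view.private.id

  items {
    domain = "${each.key}.${var.zone_name}"
    rdata  = each.value
    rtype  = "A"
    ttl    = 300   # short TTL so a failover is picked up quickly
  }
}

# Attach this to the VCN resolver (oci_dns_resolver attached_views) in each Region.
output "view_id" { value = oci_dns_view.private.id }

# ---- main.tf (root module, added example) --------------------------------
terraform {
  required_providers {
    oci = { source = "oracle/oci" }
  }
}

provider "oci" {
  alias  = "primary"
  region = "us-ashburn-1"
}

provider "oci" {
  alias  = "dr"
  region = "eu-frankfurt-1"   # assumed secondary Region
}

variable "compartment_ocid" { type = string }
variable "dr_active" {
  type    = bool
  default = false             # flip to true during a DR event
}

locals {
  zone_name = "private.thatfinnishguy.com"
  # Private IPs of the Load Balancers in each Region (constructed sample values)
  lb_ip = {
    primary = "10.10.1.10"
    dr      = "10.20.1.10"
  }
  # Single source of truth for every record, pushed to both Regions
  records = {
    app = var.dr_active ? local.lb_ip.dr : local.lb_ip.primary
    api = var.dr_active ? local.lb_ip.dr : local.lb_ip.primary
  }
}

module "dns_primary" {
  source           = "./modules/private-dns"
  providers        = { oci = oci.primary }
  compartment_ocid = var.compartment_ocid
  zone_name        = local.zone_name
  records          = local.records
}

module "dns_dr" {
  source           = "./modules/private-dns"
  providers        = { oci = oci.dr }
  compartment_ocid = var.compartment_ocid
  zone_name        = local.zone_name
  records          = local.records
}
```

The listener endpoints and the attachment of each view to its VCN resolver are left out here; they are covered in the two earlier posts linked above. Because Terraform cannot vary the provider per `for_each` instance, the module is instantiated once per Region with a provider alias; a `terraform plan` with no changes is then also your drift check, since any record edited by hand in one Region shows up as a diff.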

Simo
